The Life Cycle of a Breached Database
2021-07-29 16:20

Every time there is another data breach, we are asked to change our password at the breached entity.

A decent crypto-mining rig can quickly crack a majority of password hashes generated with MD5. "You hand that over to a person who used to mine Ethereum or Bitcoin, and if they have a large enough dictionary then you can essentially break 60-70 percent of the hashed passwords in a day or two," said Fabian Wosar, chief technology officer at security firm Emsisoft.

From there, the list of email addresses and corresponding cracked passwords will be run through various automated tools that can check how many email address and password pairs in a given leaked data set also work at other popular websites.

Much like WeLeakInfo and others operated before being shut down by law enforcement agencies, these services sell access to anyone who wants to search through billions of stolen credentials by email address, username, password, Internet address, and a variety of other typical database fields.

The more insidious threat with hacked databases comes not from password re-use but from targeted phishing activity in the early days of a breach, when relatively few ne'er-do-wells have got their hands on a hot new hacked database.

That's because password managers handle the tedious task of creating and remembering unique, complex passwords on your behalf; all you need to do is remember a single, strong master password or passphrase.


News URL

https://krebsonsecurity.com/2021/07/the-life-cycle-of-a-breached-database/